<?php
define('INDEX',1);
include (dirname(__FILE__).'/comm/dd.config.php');

//select($table, $sel_field, $where='1', $alert = 0)
//$res = $duoduo->select('user','*',"ddusername = '3124504836'");

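// Resolve the requested action from the query string. Anything that is not a
// non-empty string (missing, empty, or an array such as act[]=x) is routed to
// 'default' instead of being handed to trim().
$act = (!empty($_GET['act']) && is_string($_GET['act'])) ? trim($_GET['act']) : 'default';
/* Routing */
// Strict comparison: $act is always a string at this point, so no type juggling is involved.
if ($act === 'default') {
	die('hack attempt!!');
}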

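// Auto-registration endpoint.
// Reads POST fields user_name, pwd, user_id and sign, verifies the signature with sign(),
// then inserts a row into the 'user' table. Always answers with JSON
// {error, msg, return} and terminates the request.
elseif ($act=='auto_reg') {
	$result = array(
		'error'=>'0',
		'msg'=>'',
		'return'=>array()
	);

	$return = $_POST;

	// Verify the signature BEFORE any request value is used in a query, so that
	// unsigned requests never reach the database layer.
	// NOTE(review): the shared secret is hard-coded in a web-served file and is now
	// part of the source history; load it from configuration kept outside the
	// document root and rotate it with the partner.
	$secret = '334eba43313a4af2a830c65bbc12adb5';
	$sign = isset($_POST['sign']) ? $_POST['sign'] : '';
	$data = $_POST;
	unset($data['sign']);
	$my_sign = sign($data, $secret);

	// The signature must be a string and must match exactly. A loose != comparison
	// lets PHP compare numeric-looking strings as numbers; hash_equals() (PHP >= 5.6)
	// additionally compares in constant time.
	if (!is_string($sign)) {
		$sign_ok = false;
	} elseif (function_exists('hash_equals')) {
		$sign_ok = hash_equals($my_sign, $sign);
	} else {
		$sign_ok = ($sign === $my_sign);
	}

	if (!$sign_ok) {
		$result['error'] = 1;
		$result['msg'] = '签名错误!';
		die(json_encode($result));
	}

	// All three fields must be present as plain strings (arrays from pwd[]=... are rejected).
	foreach (array('user_name', 'pwd', 'user_id') as $field) {
		if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
			$result['error'] = 1;
			$result['msg'] = '添加失败，未知错误！';
			die(json_encode($result));
		}
	}

	$user_name = $_POST['user_name'];
	$pwd = $_POST['pwd'];
	$user_id = $_POST['user_id'];
	$regtime = date('Y-m-d H:i:s');
	$md5pwd = md5($pwd);

	// $user_name is concatenated into a quoted SQL literal below, and no escaping or
	// parameter-binding API of $duoduo is visible from this file. Refuse quote,
	// backslash and NUL bytes rather than guess at an escaping routine.
	// NOTE(review): replace with the DB layer's prepared statements / native escaping
	// once available.
	if (strpbrk($user_name, "'\"\\\0") !== false) {
		$result['error'] = 1;
		$result['msg'] = '添加失败，未知错误！';
		die(json_encode($result));
	}

	// Existing-account lookup. The original compared email against an undefined
	// $username; it now uses the submitted $user_name.
	// NOTE(review): the lookup also requires the password hash to match, so the same
	// user name with a different password is not reported as existing - confirm
	// whether the duplicate check should be on the name alone.
	$dduser = $duoduo->select('user', 'id,ddusername,email,jihuo', "(ddusername='" . $user_name . "' or email='" . $user_name . "') and ddpassword='" . $md5pwd . "' and del=0");
	$uid = isset($dduser['id']) ? $dduser['id'] : 0;

	if ($uid > 0) {
		$result['error'] = 1;
		$result['msg'] = '该用户已存在!';
		die(json_encode($result));
	}

	// NOTE(review): 'ddpassword' receives the raw $pwd although the lookup above and
	// the auto_login branch treat the column as md5($pwd); confirm whether
	// $duoduo->insert() hashes it, and plan a migration from unsalted MD5 to
	// password_hash().
	// NOTE(review): whether $duoduo->insert() escapes these values is not visible
	// here - verify before relying on it for pwd and user_id.
	$field_arr = array(
		'ddusername'=>$user_name,
		'ddpassword'=>$pwd,
		'regtime'=>$regtime,
		'jd_id'=>$user_id,
		'jihuo'=>'1',
		'txtool'=>'1',
		'platform'=>'1'
	);

	$res = $duoduo->insert('user',$field_arr);
	if ($res > 0) {
		$result['msg']= '添加成功!';
		// NOTE(review): this echoes the whole POST body, including pwd and sign, back
		// to the caller; trim it to the fields the caller needs once that is confirmed.
		$result['return'] = $return;
	}else{
		$result['error'] = '1';
		$result['msg']= '添加失败，未知错误！';
	}
	die(json_encode($result));
}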

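// Auto-login endpoint.
// Establishes a login session for the account named by the 'uid' query parameter and
// redirects to the PC or mobile landing page selected by 'device'.
// The original accepted any unauthenticated request and then overwrote the requested
// uid with the constant 1, so every caller was logged in as account 1. The request
// must now carry a 'sign' parameter computed over the query string with sign(), the
// same scheme the auto_reg branch uses for its POST body.
elseif ($act=='auto_login') {
	// NOTE(review): the shared secret is hard-coded in a web-served file; load it from
	// configuration kept outside the document root and rotate it.
	$secret = '334eba43313a4af2a830c65bbc12adb5';
	$sign = isset($_GET['sign']) ? $_GET['sign'] : '';
	$data = $_GET;
	unset($data['sign']);
	$my_sign = sign($data, $secret);

	// Exact, string-only comparison; hash_equals() (PHP >= 5.6) is constant-time.
	if (!is_string($sign)) {
		$sign_ok = false;
	} elseif (function_exists('hash_equals')) {
		$sign_ok = hash_equals($my_sign, $sign);
	} else {
		$sign_ok = ($sign === $my_sign);
	}
	if (!$sign_ok) {
		die('hack attempt!!');
	}
	// NOTE(review): a signed URL stays valid indefinitely. Add a timestamp and a
	// single-use nonce to the signed parameters and reject stale or repeated values.
	// A Referer comparison (previously present here, commented out) is not an
	// authentication control, because the header is set by the client.

	$device = (empty($_GET['device']) || !is_string($_GET['device'])) ? 'pc' : $_GET['device'];

	// Redirect target by device type; unknown devices leave it empty, as before.
	$goto = '';
	switch ($device) {
		case 'pc':
			$goto = u('user', 'index');
			break;
		case 'mobile':
			$goto = SITEURL . '/m/index.php';
			break;
		default:
			break;
	}

	// uid must be a plain decimal string; it is cast to int before it is placed in SQL.
	if (!isset($_GET['uid']) || !is_string($_GET['uid']) || !preg_match('/^[0-9]+$/', $_GET['uid'])) {
		die('hack attempt!!');
	}
	$uid = (int)$_GET['uid'];

	$dduser = $duoduo->select('user', 'id,ddusername,email,jihuo,ddpassword', "(id='" . $uid . "') and del=0");
	// Stop when no matching, non-deleted account exists instead of logging in an empty id.
	if (empty($dduser['id'])) {
		die('hack attempt!!');
	}

	$md5pwd = $dduser['ddpassword'];
	$life = '3600';
	$uid = $dduser['id'];
	user_login($uid, $md5pwd, $life); // establish the logged-in state
	$set_con_arr = array(array('f' => 'ddpassword', 'v' => $md5pwd), array('f' => 'lastlogintime', 'v' => SJ), array('f' => 'loginnum', 'e' => '+', 'v' => 1), array('f' => 'logip', 'e' => '=', 'v' => get_client_ip()));
	$duoduo -> update('user', $set_con_arr, 'id="' . (int)$uid . '"');

	// $ucid is not assigned anywhere in this branch; presumably it comes from the
	// included configuration - TODO confirm. isset() avoids an undefined-variable notice.
	if ($webset['ucenter']['open'] == 1 && isset($ucid) && $ucid > 0 && AJAX == 0) {
		echo $ucsynlogin = uc_user_synlogin($ucid); // UCenter synchronised-login markup
	}

	if ($webset['phpwind']['open'] == 1 && AJAX == 0) {
		$user['id'] = $uid;
		// The original read undefined $username / $email here; the values are taken
		// from the row selected above.
		$user['name'] = $dduser['ddusername'];
		$user['password'] = $md5pwd;
		$user['email'] = $dduser['email'];
		$user['cookietime'] = $life;
		$goto = $duoduo -> phpwind($user, $goto);
	}
	jump($goto);
}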

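/**
 * Compute the request signature shared with the calling system.
 *
 * The parameters are sorted by key, joined as "key=value&" pairs (the signature
 * field itself is skipped), suffixed with "key=<secret>", hashed with MD5 and
 * upper-cased.
 *
 * NOTE(review): this is a plain MD5 over concatenated values, not an HMAC, and the
 * pairs are joined without encoding, so different parameter sets can serialise to
 * the same string. Moving to hash_hmac('sha256', ...) over an unambiguous encoding
 * needs a coordinated change on the signing side.
 *
 * @param array  $data      Request parameters to sign.
 * @param string $secret    Shared secret appended as the final "key=" pair.
 * @param string $sign_name Name of the parameter that carries the signature.
 * @return string Upper-case hexadecimal MD5 digest (32 characters).
 */
function sign($data, $secret, $sign_name="sign") {
	ksort($data);
	$pairs = '';
	foreach ($data as $key => $val) {
		// Compare as strings: a loose == between an integer key such as 0 and the
		// field name is true on PHP < 8, which silently dropped that parameter
		// from the signed string.
		if ((string)$key === (string)$sign_name) {
			continue;
		}
		$pairs .= $key."=".$val."&";
	}
	return strtoupper(md5($pairs."key=".$secret));
}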

?>